security and communication description - swiftnet fileact

Security and Communication description for SWIFTNet FileAct

Table of Contents

1 Introduction ...................................................................................................................................................................................................... 3

2 Definitions .......................................................................................................................................................................................................... 3

3 Security and communication specification ................................................................................................................................. 4

3.1 Service name ......................................................................................................................................................................................... 4

3.2 Requestor Distinguished Name (DN) .................................................................................................................................. 4

3.3 Responder Distinguished Name (DN) ................................................................................................................................ 5

3.4 Delivery Notification......................................................................................................................................................................... 5

3.5 Non-repudiation ................................................................................................................................................................................. 5

3.6 Request Type ........................................................................................................................................................................................ 5

3.7 File transmission to Nordea ........................................................................................................................................................ 5

3.8 Parameters for test and production ...................................................................................................................................... 5

3.8.1 From customer towards Nordea .................................................................................................................................. 6

3.8.2 From Nordea towards customer .................................................................................................................................. 7

3.9 FileAct configuration parameters ........................................................................................................................................... 8

4 SWIFTNet Security ...................................................................................................................................................................................... 9

4.1 Security violation ................................................................................................................................................................................ 9

5 Sending files to Nordea ............................................................................................................................................................................ 9

6 Receiving files from Nordea ................................................................................................................................................................ 10

7 Test procedure ............................................................................................................................................................................................. 10

7.1 Connection test in test environment .................................................................................................................................. 10

7.2 End-to-end testing .......................................................................................................................................................................... 10

7.3 Testing of Messages / files ....................................................................................................................................................... 10

7.4 Connection test in production environment ................................................................................................................. 11

Version change history

Version Date Description of changes 1.0 7-11-2008 • This document replaces the security and communication description for

SWIFTNet FileAct – Corporate eGateway2.0 8-03-2012 • Links to SWIFT documents in chapter 3 updated

• Chapter 3.1 – Service name added• Request Types updated

3.0 23-11-2015 • General updates

Document Title

Version

Author

Subject

Department

Security and communication description for SWIFTNet FileAct 3.0

Integration Services

2015-11-23 Date

3(11) Page

Reference

1 Introduction

This document describes the communication set-up in connection to SWIFTNet FileAct communication between companies and Nordea. The security solution for SWIFTNet FileAct is provided by SWIFT – see links for documentation in chapter 3.

The document is intended for technical staff at the company.

2 Definitions

Word Description Corporate eGateway Nordea’s advanced solution for host-to-host exchange of files

in EDIFACT and/or other formats SWIFTNet SWIFT’s IP-based messaging platform, which includes the

core store-and-forward SWIFTNet FIN service and three additional messaging services: SWIFTNet InterAct, SWIFTNet FileAct, and SWIFTNet Browse.

SWIFTNet FileAct A service for secure and reliable transfer of files and typically used to exchange batches of structured financial messages and large reports. SWIFTNet FileAct supports tailored solutions for market infrastructure communities, closed user groups and financial institutions.

Document Title Security and Communication for 2015-11-23 Date

SWIFTNet FileAct Version 3.0 4(11) Page

Reference

3 Security and communication specification

The SWIFTNet FileAct solution offered by Nordea is fully compatible with SWIFTNet security and communication standards. Relevant documentation is available at the following link:

www.swift.com

SWIFTNet Public key infrastructure, product overview, September 2002 http://www.swift.com/solutions/messaging/messaging_products/fileact/swiftnet_pki/Sept02_SWIFTNet_PKI_Pro duct_Overview.pdf

SWIFTNet FileAct Implementation Guide, May 2008 http://www.swift.com/solutions/by_customer/corporates/overview/SW4CORP_FAIMPGUIDE_July2008_V11.pdf

Similar documentation for financial institutions can be found in the SWIFT User Handbook.

Companies using Nordea’s SWIFTNet FileAct service must implement SWIFTNet security and communication in accordance with the above-mentioned documentation.

Specific services and/or points from the above-mentioned documents should be handled according to Nordea’s rules as follows:

3.1 Service name

Nordea supports the following service Types: Generic, SCORE and MA-CUG through real time communication.

Service: Generic SCORE MA-CUG Production swift.generic.fa swift.corp.fa ndease.macugrtsb Test swift.generic.fa!p swift.corp.fa!p ndease.macugrtsb!p

3.2 Requestor Distinguished Name (DN)

Requestor Distinguished Name identifies file senders organisational unit (address). This will always be stated in contacts with Nordea regarding the FileAct service.

Service: Requestor DN (production): Requestor DN (test): ou=egw,o=ndeafihh,o=swift. 1) ou=egw,o=ndeafihh,o=swift 1) Corporate eGateway

EDIFACT files All other file types ou=sgw,o=ndeafihh,o=swift. 1) ou=sgw,o=ndeafihh,o=swift 1)

1) The DN will be used when sending files to customers. Note that customers must always inform Nordea, which Requestor DN they use.

http://www.swift.com/

http://www.swift.com/solutions/messaging/messaging_products/fileact/swiftnet_pki/Sept02_SWIFTNet_PKI_Product_Overview.pdf

http://www.swift.com/solutions/messaging/messaging_products/fileact/swiftnet_pki/Sept02_SWIFTNet_PKI_Product_Overview.pdf

http://www.swift.com/solutions/by_customer/corporates/overview/SW4CORP_FAIMPGUIDE_July2008_V11.pdf



Reference

3.3 Responder Distinguished Name (DN)

Responder Distinguished Name identifies file receivers organisational unit (address). This must always be stated in contacts with Nordea regarding the FileAct service.

Service: Responder DN (production): Responder DN (test): ou=egw,o=ndeafihh,o=swift. 1) Ou=egw,o=ndeafihh,o=swift 1) Corporate eGateway

EDIFACT files All other file types ou=sgw,o=ndeafihh,o=swift. 1) Ou=sgw,o=ndeafihh,o=swift 1)

1) The DN must be used when sending files to Nordea. Note that customers always have to inform Nordea,which Responder DN they use.

3.4 Delivery Notification The feature Delivery Notification should always be used when using SWIFTNet FileAct with Nordea.

3.5 Non-repudiation Nordea requires that the service “Non-repudiation”, as provided by SWIFT, shall always be applied whenever using the FileAct service with Nordea.

3.6 Request Type The request type must always be stated and must comply with SWIFT rules. For Nordea request types see chapter 3.7 and 3.8 or contact Nordea (Cash Management adviser or technical adviser).

3.7 File transmission to Nordea The company sends its material to Nordea using SWIFTNet FileAct. The company and Nordea must agree on which file types to use and which underlying services to connect.

3.8 Parameters for test and production The following parameter set-up must apply when communicating through SWIFTNet FileAct to Nordea using the services Corporate eGateway or Filegate.



Reference

3.8.1 From customer towards Nordea

FileAct Emission Profile Parameters Sender: Customer

Field Value/Keyword Notes

Requester DN ou=??,o=bic8,o=swift1) Customer specific

Responder DN ou=egw,o=ndeafihh,o=swift DN for Corporate eGateway EDIFACT files

Responder DN ou=sgw,o=ndeafihh,o=swift DN for other file types

Request Type pain.xxx.paymul EDIFACT Payment message

pain.xxx.author EDIFACT Direct Debit message

pain.xxx.dirdeb EDIFACT Authorisation message

pain.xxx.finv.lahlaskut E-invoice from invoicer FI

pain.xxx.finv.pallaskut Returnable invoices FI

pain.xxx.sft.telepay2 Telepay NO

pain.xxx.sft.factoring Sales receivables FI

pain.fin.mt101 Request for Transfer

pain.001.001.02 Payment file, ver. 2

pain.001.001.03 Payment file, ver. 3

pain.006.001.01 Payment – Cancellation request See “SWIFTNet Messaging Operations Guide” (August 2004) for more details about request types

Filename <customer_file_name> Customer can specify unless otherwise required by Nordea. Note: Must be agreed with Nordea

Non-repudiation TRUE

Delivery notification TRUE

1) bic8= customer’s BIC/BEI address (8 characters).



Reference

3.8.2 From Nordea towards customer

FileAct Emission Profile Parameters Sender: Nordea

Field Value/Keyword Notes

Requester DN ou=egw,o=ndeafihh,o=swift DN for Corporate eGateway EDIFACT files

Responder DN ou=sgw,o=ndeafihh,o=swift DN for other file types

Responder DN ou=??,o=bic8,o=swift1) Customer specific

Request Type pain.xxx.author EDIFACT Authorisation message

pain.xxx.bansta EDIFACT Direct Debit message

pain.xxx.contrl EDIFACT Control receipt message

pain.xxx.cremul EDIFACT Credit advice message

pain.xxx.debmul EDIFACT Debit advice message

pain.xxx.finsta EDIFACT Account statement

pain.xxx.sft.notelefbl Telepay feedback NO

pain.xxx.finv.hyllaskut Rejected e-invoices to sender FI

pain.xxx.finv.haelaskut E-invoice to payer FI

camt.xxx.sft.ktl Reference payment FI

camt.xxx.sft.tito Account statement FI

camt.xxx.sft.firftswpl Rft feedback from SWIFT

camt.xxx.sft.firft000l Rft feedback

pain.002.001.02 Payment status message, ver. 2

pain.002.001.03 Payment status message, ver. 3

camt.053.001.02 Account statement

camt.054.001.02 Credit and debit advice

camt.fin.mt940 SWIFT Account statement

camt.fin.mt942 SWIFT Interim transaction report See “SWIFTNet Messaging Operations Guide” (August 2004) for more details about request types

Filename <nordea_file_name> NORDEAPROD NORDEATEST (see UNB- address) Nordea will specify unless otherwise agreed.

Non-repudiation TRUE

Delivery notification TRUE 1) bic8= customer’s BIC/BEI address (8 characters).



Reference

3.9 FileAct configuration parameters Nordea uses SWIFTNet FileAct communication protocol via Nordea Bank Finland Plc.

All communication using SWIFTNet FileAct must therefore be established with Nordea Bank Finland Plc.

Below is a description of all parameters to be used vis-à-vis Nordea, for both production and test purposes:

Description: Production: Test: Nordea Requester DN: ou=egw,o=ndeafihh,o=swift. ou=egw,o=ndeafihh,o=swift Nordea Responder DN: ou=egw,o=ndeafihh,o=swift. ou=egw,o=ndeafihh,o=swift

swift.generic.fa swift.generic.fa!p SWIFTNet service name Bank to bank

swift.corp.fa swift.corp.fa!p SWIFTNet service name SCORE

ndease.macugrtsb ndease.macugrtsb!p SWIFTNet service name MA-CUG Delivery notification Yes Optional Non repudiation Yes Optional Request Type See chapter 3.7.1 and 3.7.2 See chapter 3.7.1 and 3.7.2 UNB EDI-address

1)NORDEAPROD:ZZ NORDEATEST:ZZ

1) Only relevant for corporate eGateway users. See further description in the document Corporate eGateway - Message flow and use of EDIFACT



Reference

4 SWIFTNet Security

SWIFTNet certificates are used for authenticating/encrypting the traffic between the SWIFTNet/FileAct interfaces, and the identity of the sender is always verified by SWIFT. Each party (Nordea and the customer) is responsible for securing the files between the back-end system and the FileAct interface.

The SWIFTNet security does not include an end-to-end signature meaning that the actual user (authoriser of the payment) can-not be identified by Nordea. Identification of the user must be handled on the customer side or an add-on security solution must be implemented (e.g. AUTACK for EDIFACT services).

4.1 Security violation

When a possible security violation is detected by either the customer or Nordea, the party that discovered the abnormality must without delay inform the other party through the contact points listed in the Contacts List by e-mail and telephone.

The other party will immediately verify the authenticity of the request by calling the contact person responsible for security violation listed in the Contacts List.

If the Customer suspects that the security of a Message is compromised, the Customer must without undue delay notify Nordea’s Service Support by telephone or e-mail. The Customer should describe the nature of the problem and ask Service Support to stop accepting Messages which use the compromised security solution for authentication. After the Service Support has confirmed that the request to stop accepting Messages has been made by the Customer the Service Support will, on the best effort bases, stop the Customer's Messages which have been received previously but which have not yet been either processed in Nordea's systems or executed in the banks where the account to be debited is located.

5 Sending files to Nordea

Nordea can start receiving files once the test procedure is completed and validated by both parties. To start sending files the Company must have completed the SWIFTNet FileAct communication set-up with exchanged information mentioned above. The Company will have to create test files with transactions that can be used during testing. The file should be as similar to a production file as possible. The Company should create files that contain all of the services and transaction types that the customer is going to use during production.

After completion of successful testing the Company is placed in “production mode” and can start sending and retrieving files with Nordea.



Reference

6 Receiving files from Nordea

Nordea can start sending files, when the files are created in Nordea's system. To start sending files the customer must have completed the SWIFTNet FileAct communication set-up with exchanged information mentioned above. The company’s system must be available for receiving files from Nordea during test and production.

7 Test procedure

The test procedure described below must be completed before a customer can start using any service through SWIFTNet FileAct.

7.1 Connection test in test environment

The connection test is done by sending a random file between the customer and Nordea.

Test with file from Customer to Nordea The test is successful when the customer has sent a file to Nordea and received a FileAct Delivery acknowledgement from Nordea's FileAct interface. The file will not be processed further.

Test with file from Nordea to the customer The test is successful when Nordea has sent a file to the customer and received a FileAct Delivery Acknowledgement from the customer’s FileAct interface.

7.2 End-to-end testing

When the connection test is completed (one successful file transfer both ways) an end-to-end test can be performed. The purpose of the test is to verify that the file is properly routed to the back-end system.

7.3 Testing of Messages / files

In order to ensure that the messages or files can be processed correctly a syntax and content test must be performed

Testing on customer side: Sample files or copies of production files should be sent to the customer depending on the possibilities of the local service. Testing on Nordea’s side: Testing of files/Messages must be performed according to the requirements of the local service.



Reference

7.4 Connection test in production environment

Before going live with SWIFTNet FileAct a connection test of the production environment must take place. This is done the same way as the Connection test for test environment.

security and communication description - swiftnet fileact

Documents